Synthesia · Synthesia Privacy Policy

Data Subject Rights Exercise Process

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

You can ask Synthesia to show you, correct, delete, or transfer your personal data by emailing privacy@synthesia.io, and they must respond within 30 days (or up to 3 months for complex requests).

Consumer impact (what this means for users)

You have legally enforceable rights to access, delete, or transfer your personal data held by Synthesia — including facial and voice recordings — by submitting a request to privacy@synthesia.io, with a response due within 30 days.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Within 30 days
    Email privacy@synthesia.io stating your full name, account email, and the specific right you wish to exercise (e.g. erasure of all personal data including biometric recordings). Synthesia must respond within 30 days under GDPR/CCPA.
  • Export Your Data
    Within 30 days
    Email privacy@synthesia.io to request a copy of all personal data Synthesia holds about you (data portability request). Include your account email address and specify you are requesting data in a machine-readable format.

Cross-platform context

See how other platforms handle Data Subject Rights Exercise Process and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

These rights are legally enforceable under GDPR and CCPA, and knowing how to exercise them gives you control over your data including any biometric recordings used for AI avatars.

View original clause language
You have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing based on legitimate interests. To exercise these rights, please contact us at privacy@synthesia.io. We will respond to your request within 30 days, which may be extended by a further two months in complex cases.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: GDPR Arts. 15–22 establish data subject rights including access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), and objection (Art. 21); UK GDPR mirrors these rights; CCPA/CPRA §§1798.100–1798.125 establish equivalent California rights including right to know, delete, correct, and opt out. ICO, EU DPAs, and CPPA enforce these rights. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    FTC enforces against deceptive privacy practices under Section 5, including failure to honour stated data subject rights commitments.
    File a complaint →

Provision details

Document information
Document
Synthesia Privacy Policy
Entity
Synthesia
Document last updated
April 29, 2026
Tracking information
First tracked
April 30, 2026
Last verified
April 30, 2026
Record ID
CA-P-004286
Document ID
CA-D-00470
Evidence Provenance
Source URL
https://www.synthesia.io/privacy-policy
Wayback Machine
View archived versions →
SHA-256
7648d9071447f69ed848238281e6ab982ee2d650c8e20eb74c961b356314a183
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Synthesia | Document: Synthesia Privacy Policy | Record: CA-P-004286
Captured: 2026-04-30 07:49:32 UTC | SHA-256: 7648d9071447f69e…
URL: https://conductatlas.com/platform/synthesia/synthesia-privacy-policy/data-subject-rights-exercise-process/
Accessed: May 2, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document